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DETAILED ACTION 

1 . This Office Action is in response to the Applicant's amendment filed on July 6, 
2009. 

2. Claims 1-9, 11, 13-16 have been amended. 

3. Claims 10 and 12 have been cancelled. 

4. New claims 1 7-1 8 have been added. 

5. Claims 1-9, 11, 13-18 are pending. 

Response to Arguments 

6. Applicant's arguments filed on July 6, 2009 have been considered but are moot 
in view of the new ground(s) of rejection. 

Claim Objections 

7. Claim 7 is objected to under 37 CFR 1 .75(c), as being of improper dependent 
form for failing to further limit the subject matter of a previous claim. Applicant is 
required to cancel the claim(s), or amend the claim(s) to place the claim(s) in proper 
dependent form, or rewrite the claim(s) in independent form. Claim 7 recites "wherein 
said predetermined value is representative of a subset of critical instruction of said 
program" while claim 1 from which claim 7 depends recite "said predetermined value 
being an address of an anomaly processing function". Appropriate correction is 
required. 
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8. Claim 8 is objected to under 37 CFR 1 .75(c), as being of improper dependent 
form for failing to further limit the subject matter of a previous claim. Applicant is 
required to cancel the claim(s), or amend the claim(s) to place the claim(s) in proper 
dependent form, or rewrite the claim(s) in independent form. Claim 8 recites "an 
anomaly processing step is executed if, during said unstacking step, a value other than 
said predetermined value is unstacked" while claim 1 from which claim 8 depends 
recites "a step of unstacking said stack wherein if said predetermined value is 
unstacked, the anomaly processing function is executed". Appropriate correction is 
required. 

9. Claim 17 is objected to because of the following informalities: The phrase 
"adapted to" in the claim language ambiguity if such action would be rendered by the 
anomaly processing function. Appropriate correction is required. 



Claim Rejections - 35 USC §112 

1 0. The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

1 1 . Regarding claim 13, the phrase "such as" renders the claim indefinite because it 
is unclear whether the limitations following the phrase are part of the claimed invention. 
See MPEP§ 2173.05(d). 



Claim Rejections - 35 USC § 103 
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12. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

13. Claims 1-2, 5-9, 11,13-15 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Stahl US 5,274,81 7 in view of Szor US 2004/01 58729 and in view of 
Choi et al. "A New Stack Buffer Overflow Hacking Defense Technique with Memory 
Address Confirmation", ICICS 2001 , pages 146-159 (hereinafter Choi). 

As per claim 1 : 

Stahl teaches a method of making the execution of a computer program secure 
{col. 1, line 36; ensuring that the integrity of the stack during program execution), the 
method comprising: 

a processor performing: (col. 1, lines 55-67; col. 4, lines 52-55) 

a step of stacking a predetermined value in an instruction stack of the program; 
(col. 1, lines 55-67; col. 4, lines 52-55; storing signature word in the stack) and 

a step of unstacking said stack, wherein if said predetermined value is 
unstacked, the anomaly processing function is executed, (col. 1, lines 62-67; col. 4, 
lines 57-64; col. 5, lines 8-1 7; if the signature word stored on the stack matches the 
entry address of the subroutine which was just execute. ..if the compared values do not 
match, it is assumed that an error has occurred and control is passed to the block 
where a software interrupt is executed) 
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Stahl does not explicitly disclose said predetermined value being an address of 
an anomaly processing function, during the normal execution of the program, a step of 
removing said predetermined value from the instruction stack without executing the 
anomaly processing function. Szor in analogous art, however, discloses predetermined 
value being an address of an anomaly processing function, (figure 2, [0033]-[0040], 
[0050]-[0056],[0058]-[0061] Therefore it would have been obvious to one ordinary skill in 
the art at the time the invention was made to modify the method disclosed by Stahl with 
Szor in order to prevent unauthorized access by malicious hackers or replicating 
malware. ([0040]; Szor) 

Both references do not explicitly disclose during the normal execution of the 
program, a step of removing said predetermined value from the instruction stack without 
executing the anomaly processing function. Choi in analogous art, however, discloses 
during the normal execution of the program, a step of removing said predetermined 
value from the instruction stack without executing the anomaly processing function, 
(page 150-151 ; Section 3.1 and Section 3.2) Therefore it would have been obvious to 
one ordinary skill in the art at the time the invention was made to modify the method 
disclosed by Stahl and Szor with Choi in order to allow the function progress normally if 
the predetermined value has not been changed, (page 150, Choi) 

As per claim 2: 

The combination of Stahl, Szor and Choi teaches all the subject matter as 
discussed above. Stahl further discloses stacking and unstacking steps are respectively 
associated with elements of at least one subset of instructions of said program, (col. 4, 



Application/Control Number: 10/563,554 Page 6 

Art Unit: 2437 

lines 60-col, 5, lines 37; a branch to the subroutine is executed, the return address is 
stored on the stack ...when the return instruction is encountered, the return address is 
retrieved from the stack) 
As per claim 5: 

The combination of Stahl, Szor and Choi teaches all the subject matter as 
discussed above. Stahl further discloses said program is written in a programming 
language including a first instruction whose execution implements said stacking step 
and/or a second instruction whose execution implements said unstacking step. (col. 2, 
line 61 -col 4, line 21; col. 4, lines 60-col, 5, lines 37) 
As per claim 6: 

The combination of Stahl, Szor and Choi teaches all the subject matter as 
discussed above. Stahl further discloses second instruction terminates said program or 
a subroutine of said program, (col. 2, line 61 -col 4, line 21; col. 4, lines 60-col, 5, lines 
37) 

As per claim 7: 

The combination of Stahl, Szor and Choi teaches all the subject matter as 
discussed above. Stahl further discloses said predetermined value is representative of a 
subset of critical instructions of said program, (col. 2, line 61 -col 4, line 21; col. 4, lines 
60-col, 5, lines 37) 
As per claim 8: 

The combination of Stahl, Szor and Choi teaches all the subject matter as 
discussed above. Stahl further discloses it includes an anomaly processing step 
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executed if, during said unstacking step, a value other than said predetermined value is 
unstacked. (col. 2, line 61 -col 4, line 21; col. 4, lines 60-col, 5, lines 37) 
As per claim 9: 

The combination of Stahl, Szor and Choi teaches all the subject matter as 
discussed above. Stahl further discloses wherein said program includes at least one call 
to a subroutine, characterized in that said stacking step is effected before said call and 
said predetermined value is eliminated from said stack during execution of said 
subroutine, (col. 2, line 61 -col 4, line 21; col. 4, lines 60-col, 5, lines 37) 

As per claim 1 1 : 

The combination of Stahl, Szor and Choi teaches all the subject matter as 
discussed above. Stahl further discloses wherein said programming includes at least 
one call to a subroutine, characterized in that said stacking step is effected during 
execution of said subroutine and said predetermined value is eliminated from said stack 
after execution of said subroutine, (col. 2, line 61 -col 4, line 21; col. 4, lines 60-col, 5, 
lines 37) 

As per claim 13: 

The combination of Stahl, Szor and Choi teaches all the subject matter as 
discussed above. Stahl further discloses a computer readable information recording 
medium with a computer program recorded thereon, said information recording medium 
totally or partially removable, in particular a CD-ROM, or a magnetic medium, such as a 
hard disk or diskette wherein it includes instructions of the computer program for 
implementing a method according to claim 1 when that program is loaded into and 
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executed by an electronic data processing system, (col. 2, line 61-col 4, line 21; col. 4, 
lines 60-col, 5, lines 37) 
As per claim 14: 

The combination of Stahl, Szor and Choi teaches all the subject matter as 
discussed above. Stahl further discloses a computer readable information recording 
medium with a computer program recorded thereon, said computer program including 
instructions for executing a method according to claim 1 when that program is loaded 
into and executed by an electronic data processing system, (col. 2, line 61-col 4, line 21; 
col. 4, lines 60-col, 5, lines 37) 

As per claim 15: 

The combination of Stahl, Szor and Choi teaches all the subject matter as 
discussed above. Stahl further discloses electronic entity that has been made secure 
wherein it includes means for implementing a method according to claim 1 . (col. 2, lines 
15-33) 

1 . Claims 3-4 are rejected under 35 U.S.C. 103(a) as being unpatentable over Stahl 
US 5,274,817 817 in view of Szor US 2004/0158729 and in view of Choi et al. "A New 
Stack Buffer Overflow Hacking Defense Technique with Memory Address Confirmation", 
ICICS 2001, pages 146-159 (hereinafter Choi) and further in view Mclnerney et al. 
(hereinafter Mclnerney) US 5,956,479. 
As per claim 3: 
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The combination of Stahl, Szor and Choi teaches all the subject matter as 
discussed above. None of the references explicitly disclose elements are respectively 
an opening bracket and a closing bracket in a system of brackets. Mclnerney in 
analogous art, however, discloses that elements are respectively an opening bracket 
and a closing bracket in a system of brackets, (col. 15, lines 12-21; set-up instruction 
map for function execution, ... such as opening and closing brace) Therefore it would 
have been obvious to one ordinary skill in the art at the time the invention was made to 
modify the method disclosed by Stahl, Szor and Choi with Mclnerney in order to set-up 
instruction map for a function execution to some predefined source position, such as 
opening and closing brace, (col. 15, lines 15-21; Mclnerney) 

As per claim 4: 

The combination of Stahl, Szor, Choi and Mclnerney teaches all the subject 
matter as discussed above. Stahl further discloses in that said unstacking step is 
associated with a return instruction of said program or a subroutine of said program, 
(col. 4, lines 60-col, 5, lines 37) 

2. Claim 16 is rejected under 35 U.S.C. 103(a) as being unpatentable over Stahl US 
5,274,817 in view of Szor US 2004/0158729 and in view of Choi et al. "A New Stack 
Buffer Overflow Hacking Defense Technique with Memory Address Confirmation", 
ICICS 2001, pages 146-159 (hereinafter Choi) and further in view of Zisowski US 
2003/0188174. 

As per claim 16: 
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The combination of Stahl, Szor, Choi and Mclnerney teaches all the subject 
matter as discussed above. None of the references explicitly disclose the electronic 
entity is a smart card. Zisowski in analogous art, however, discloses that the electronic 
entity is a smart card, (page 2, pp. 17 and 30) Therefore it would have been obvious to 
one ordinary skill in the art at the time the invention was made to modify the method 
disclosed by Stahl, Szor and Choi with Zisowski in order to provide a system for 
detecting a possible malicious program that allows the identification of missing, added 
or modified program modules to a computer program running on microcontrollers, (page 

2, pp. 29-30; Zisowski) 

3. Claims 1 7-1 8 are rejected under 35 U.S.C. 1 03(a) as being unpatentable over 
Stahl US 5,274,817 in view of Szor US 2004/0158729 and in view of Choi et al. "A New 
Stack Buffer Overflow Hacking Defense Technique with Memory Address Confirmation", 
ICICS 2001, pages 146-159 (hereinafter Choi) and further in view of Pritchard et al. 
(hereinafter Pritchard) US 2002/0166067. 

As per claims 1 7 and 18: 

The combination of Stahl, Szor, Choi and Mclnerney teaches all the subject 
matter as discussed above. None of the references explicitly disclose wherein the 
anomaly processing function is adapted to destroy an operating system of said smart 
card. Pritchard in analogous, art, however, discloses wherein the anomaly processing 
function is adapted to destroy an operating system of said smart card. ([0073], [0087]) 
Therefore it would have been obvious to one ordinary skill in the art at the time the 
invention was made to modify the method disclosed by Stahl, Szor and Choi with 
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Pritchard in order to provide automatically remove the anomaly by a clean version of the 
operating system. ([0073]; Pritchard) 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See M PEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to SHEWAYE GELAGAY whose telephone number is 
(571)272-4219. The examiner can normally be reached on 8:00 am to 5:30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on 571-272-3865. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/S. Q.I 

Examiner, Art Unit 2437 
/Emmanuel L. Moise/ 

Supervisory Patent Examiner, Art Unit 2437 



